What do you do after your business has suffered a data breach? What are your legal obligations and responsibilities? What happens when your company’s computer system is seized and locked by an extortionist who is demanding payment, in Bitcoin, to release your computers unharmed? What happens to the reputation of your company, that you spent years or decades building, when it inevitably becomes public that you had inadequate computer security which compromised hundreds or thousands of your clients’ files and personal information? Who do you call? No, not “Ghostbusters.” If you purchased Cyber Liability coverage you can contact your insurance company and they will be there to help you.
According to the 2018 Verizon Data Breach Investigations Report, 58% of cyber-attack victims were small businesses (organizations with fewer than 250 employees) as these entities are perceived as having weaker security systems than larger companies. Even Google has been hacked, and they pay millions in salaries to their IT people, so does any business stand a chance? Yes, you can be sued if your company computer systems are hacked, the “data” on that system is compromised, and someone suffers financial harm as a result. Assuming you purchased third-party liability coverage as part of your Cyber Liability program, your insurance company will defend you and pay indemnity to a third-party on your behalf, whether that is to an individual client or a business partner.
By Noel K. Walsh, CPCU CRM CIC AAI CRIS MLIS